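# NixOS module: per-host DNS (CoreDNS) and k3s control-plane configuration for
# a three-node cluster (snorlax, sobble, rowlet). `numbers` is a project-supplied
# module argument describing each host's interfaces and addresses.
{ config, numbers, pkgs, lib, ... }:
let
  inherit (lib) elem filter concatMapStrings concatStrings mkIf;

  me = config.networking.hostName;

  # True when this host has an interface named `iface` according to the
  # project's `numbers` table.
  hasIface = iface: elem iface (numbers.api.hostIfaces me);

  # `s` when this host has `iface`, otherwise the empty string. Nix is lazy, so
  # `s` (and any interpolation inside it) is only evaluated when the interface
  # exists.
  strIfHasIface = iface: s: if hasIface iface then s else "";

  # Address of `iface` on `host`, from the numbers table.
  ifaceIp = host: iface: (numbers.api.hostIface host iface).ip;

  # Resolver order: the local CoreDNS first, then the sec0 address of the other
  # control-plane hosts; a host never lists itself.
  peerNs = host: if me != host then ifaceIp host "sec0" else "";
  nameservers = filter (x: x != "") [
    "127.0.0.1"
    (peerNs "snorlax")
    (peerNs "sobble")
    (peerNs "rowlet")
  ];

  # Ports opened for both TCP and UDP. Known services among them: 53 DNS,
  # 80/443 HTTP(S), 5432 Postgres, 6443 k3s API, 4222/6222/8222 NATS,
  # 2379/2380 etcd, 10250 kubelet. (5001, 9898 and 9999 are not identified here.)
  commonPorts = [ 53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250 ];
  # Wide range used for NodePort-style services.
  nodePortRange = [ { from = 5000; to = 32767; } ];
in {
  imports = [
    #./pgpool.nix
    ./udp514.nix
  ];

  services.udp514-journal.enable = true;

  services.coredns = {
    enable = true;
    # NOTE(review): both `bind` lines are disabled (the names "sxxxxec0" and
    # "xxxxlan0" never match an interface, so strIfHasIface yields ""), which
    # leaves CoreDNS listening on every address. Together with port 53 being
    # opened on all interfaces below, this is a forwarding resolver reachable
    # from any network the host is attached to; re-enable `bind sec0` (or
    # restrict port 53 to sec0 in the firewall) if lan0 faces an untrusted
    # network. Queries outside server.dns are forwarded to 172.16.1.8 without
    # a `tls` option, i.e. in plaintext.
    config = ''
      . {
        ${strIfHasIface "sxxxxec0" "bind sec0"}
        ${strIfHasIface "xxxxlan0" "bind lan0"}
        nsid ${me}
        forward . 172.16.1.8
        template IN A server.dns {
          answer "{{ .Name }} 0 IN A ${ifaceIp me "sec0"}"
        }
      }
    '';
  };

  services.resolved.enable = false;
  #networking.resolvconf.enable = false;
  # `nameservers` already contains no empty entries, so every entry becomes a
  # `nameserver` line.
  environment.etc."resolv.conf".text =
    concatMapStrings (s: "nameserver ${s}\n") nameservers;
  networking.nameservers = nameservers;

  # Symlink the flux bootstrap manifest into k3s's manifest directory; the
  # store path changes with each generation, so the link is refreshed on every
  # activation.
  system.activationScripts."corenet-flux" = ''
    ln -sf ${./corenet-flux.yaml} /var/lib/rancher/k3s/server/manifests/corenet-flux.yaml
  '';

  # snorlax bootstraps the cluster; the other hosts join it over sec0 with the
  # shared token.
  services.k3s = {
    enable = true;
    # NOTE(review): the join token grants cluster-admin to anyone who reads it;
    # keep /etc/k3s.token root-only and out of the nix store.
    tokenFile = mkIf (me != "snorlax") "/etc/k3s.token";
    serverAddr = mkIf (me != "snorlax") "https://${ifaceIp "snorlax" "sec0"}:6443";
    clusterInit = me == "snorlax";
    extraFlags = concatStrings [
      #" --datastore-endpoint=nats://localhost:4222?noEmbed=true&bucket=k0-kine&replicas=2"
      " --disable=traefik"
      " --disable=local-storage"
      " --cluster-cidr=10.128.0.0/16"
      " --service-cidr=10.129.0.0/16"
      " --flannel-backend=vxlan"
      " --embedded-registry"
      # Advertise the sec0 address as this node's IP (only on hosts that have sec0).
      (strIfHasIface "sec0" " --node-ip=${ifaceIp me "sec0"}")
      #(strIfHasIface "lan0" " --tls-san=${ifaceIp me "lan0"}")
    ];
  };

  # NOTE(review): with --embedded-registry above, `mirrors: "*"` lets images
  # for any registry name be served by cluster peers; presumably intended for
  # this closed cluster — confirm the peer registry port is only reachable
  # over sec0.
  environment.etc."rancher/k3s/registries.yaml".text = ''
    mirrors:
      "*":
  '';

  # NOTE(review): these rules apply on every interface, so on a host whose
  # lan0 faces other networks the k3s API, kubelet, etcd and the whole
  # 5000-32767 range are reachable from there. Consider moving the cluster
  # ports under networking.firewall.interfaces.sec0.* so only the cluster
  # link exposes them. 8472/UDP is flannel's VXLAN port.
  networking.firewall.allowedUDPPorts = commonPorts ++ [ 8472 ];
  networking.firewall.allowedUDPPortRanges = nodePortRange;
  networking.firewall.allowedTCPPorts = commonPorts;
  networking.firewall.allowedTCPPortRanges = nodePortRange;
}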